Date: Sat, 7 Jul 2018 02:37:58 +0300
From: "Dmitry V. Levin" <ldv@...linux.org>
To: owl-dev@...ts.openwall.com
Subject: Re: [PATCH 0/5] pam_tcb update

On Fri, Jul 06, 2018 at 03:33:28PM +0200, Solar Designer wrote:
> On Thu, Jul 05, 2018 at 02:29:19AM +0300, Dmitry V. Levin wrote:
> > I've got a few patches for pam_tcb. Tested in Sisyphus.
>
> Thanks. I think we should get these into Owl-current (even though these
> changes don't matter much for Owl yet), test them a bit more in there,
> then release tcb 1.2. For the testing in Owl-current, use version
> numbers like 1.1.x or even 1.1.9.x (indicating that we're closer to 1.2
> than to 1.1).

OK, but I'm not sure I remember correctly how to get anything into
Owl-current.

> For the release, we also need updated LICENSE (copyright years) and
> ChangeLog. We could also use this opportunity to relax the license for
> our newly written source files (not inherited from pam_unix). There's
> no reason to subject them to 3-clause BSD or GPL (BTW, of unspecified
> version) that the whole thing is under for historical reasons - we can
> as well use 0-clause BSD for them (add such comments to the files
> themselves). If we go for this, we need to ask Rafal for his approval.

I don't mind changing the license this way, although I don't see any
practical difference so far.

> > pam_tcb: use pam_get_authtok(3) instead of _unix_read_password
>
> Does this mean we're dropping OpenPAM support, which you had once added?

No, I don't think so, OpenPAM provides pam_get_authtok with the same
interface as in Linux-PAM since 2002-04-08 and claims it is an OpenPAM
extension. Perhaps I should amend the commit message to mention this.
I haven't tried to build anything with OpenPAM for quite some time, though.

> > pam_tcb: request automatic prefix and entropy if libcrypt implements it
>
> Please add a 6th patch/commit that would change the default prefix from
> $2y$ to $2b$ to be friendlier to OpenBSD. I understand that ALT has to
> stay with $2y$ for a while longer, but I guess you can be overriding
> this default on pam_tcb's command line.

OK

--
ldv